How to detect and prevent procurement fraud

The case for a hybrid analytical approach

In 2009, a contract specialist for the US State Department issued a sole source contract to a Virginia company to perform work at US Foreign Service posts around the world. Between 2009 and 2011, that company received 43 contracts worth a total of more than $52 million. Not bad for a company with only three employees.

Trouble was, two of them were the contract specialist’s husband and her daughter. The marriage was supposed to be secret, but the couple owned joint property and had posted their wedding photos on social media. Oops. The scheme was successful for a while, but it ended as these things tend to (if discovered) – in a federal indictment.

The procurement process is ripe for fraud. According to Pricewaterhouse Coopers, nearly 30 percent of organizations report incidents that compromise the integrity of the fair bidding process and cause millions of dollars in losses.1

Criminals count on the fact that you’re dealing with a huge amount of data and too few humans looking at it.

There are so many ways to exploit the process. For instance, a procurement officer could:

Falsify or inflate a need for a product or service.

Write the RFP such that only a favored vendor could qualify.

Split the business into smaller purchases that fall under the radar.

Leak details of the bid process to give one vendor an advantage.

Contractors can work in collusion to manipulate how the contract is awarded. You pat my back, I’ll pat yours. Or they can submit old pricing schedules to win the business, then try to correct their intentional “error” after the award. The most brazen fraudsters overcharge, deliver counterfeit goods, abuse the change order process, or submit bogus invoices for goods or services that were never delivered.

You would think these tactics would be easy to spot, but they’re not. Auditors have relied on cumbersome manual processes, inadequate and siloed data, hindsight reviews, tips and whistleblowers to uncover the fraud. In other words, they learn about it after the fact. After the money has disappeared and the substandard goods have failed.

That’s too late.

What if you could connect more dots, and connect them sooner, without a lot of manual intervention? What if you could see fraud coming, even a cleverly designed scheme, and stop it as it happens – or before? You can.

Toward a hybrid analytic approach

Business rules are a good place to start. If bidders show up on a disbarred list, don’t give them a contract. If too many invoices come in on the same day, check them out. Simple enough. However, business rules typically only catch simple schemes and data entry errors.

Analytics changes the game. With the right analytic techniques, you can focus on areas that warrant more scrutiny, without delaying proper transactions.

Anomaly detection looks for behaviors that are unusual or unexpected.

Historical anomaly detection looks at changes in behavior over time. If the system sees a sudden, drastic shift from historical patterns – with nothing to explain it – this would be flagged and factored into the overall fraud risk score.

Peer grouping or clustering compares one’s behavior to the norm for a similar peer group and identifies behaviors that are drastically different from what would be expected for that group or type of procurement.

Profiling defines the typical attributes of good guys and bad guys. When it sees a pattern that matches that of known fraudsters, the system recognizes and flags it accordingly.

If something is one or two standard deviations from normal, it gets a low risk score and causes no concern. But if a scenario is three, four or 10 times outside the standard deviation of normal, the system will give it a high score and flag it for attention.

Text mining identifies patterns and anomalies from unstructured data, such as reports and social media. For example, if a procurement officer who makes $65,000 a year posts pictures of extravagant purchases on Facebook, you might want to check it out.

With advanced analytics, you can build models that identify attributes or patterns that are highly correlated with known fraud, even for complex and emerging schemes. Analytics answers questions that manual or ad-hoc methods miss. Does this look like the typical habit of bid riggers or those known for counterfeit parts? Does this series of invoices, stair-stepping up and down in dollar value, indicate a vendor trying to find the threshold of scrutiny?

Since much procurement fraud involves collusion, associative linking is invaluable. Link analysis finds relationships among entities based on static attributes (such as phone numbers, addresses or bank accounts) or transactional attributes (business relationships, referrals, etc.). A relationship might be innocuous, but even for valid business you want to be able to show you have done due diligence vetting relationships.

Advantages of a hybrid analytical approach

Each technique has a different fit. Rules screen out straightforward cases. Anomaly detection compares what looks normal and unusual. Predictive analysis finds suspicious patterns that would otherwise be hidden. And link analysis points to possible collusion. Independently, each method is very good at detecting a certain type of fraud, but when used in combination, you can see so much more.

These analytical techniques also provide checks and balances for each other. For example, link analysis might reveal a family relationship between parties, but anomaly detection shows the transaction to be normal compared to others of its type. Nothing untoward. This cross-pollination helps reduce false positives, so the system does not generate alerts that consume investigators’ time for no gain.

Ideally, this hybrid approach operates in a loop. What is learned from past fraud (and from suspicious events that proved to be benign) is all fed back into the detection engine to make it ever more accurate and predictive. When the analytics can learn and adapt to change, the system is continuously improving and produces fewer and fewer false positives and false negatives over time.